ffmpeg.git
Michael Niedermayer [Tue, 6 Aug 2019 16:05:02 +0000 (18:05 +0200)]
avcodec/hevc_refs: Optimize 16bit generate_missing_ref()

Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"]
Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 29 Jul 2019 22:52:18 +0000 (00:52 +0200)]
avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33

This makes the changed code-path faster.

Change not tested except with the fuzzer testcase as I found no other testcase.

Improves: Timeout (136sec -> 74sec)
Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Michael Niedermayer [Thu, 8 Aug 2019 23:23:46 +0000 (01:23 +0200)]
avcodec/tiff: Enforce increasing offsets

This may break some valid tiff files, it appears the specification does not require
the offsets to be increasing. They increase in the 2 test files I have though except
the last offset which is 0 (an end marker) and for which a special case is added to
avoid asking for a sample for that end marker.

See: [FFmpeg-devel] [PATCH 2/2] avcodec/tiff: Detect infinite retry loop
for an alternative implementation

Fixes: Timeout (Infinite -> Finite)
Fixes: 15706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5114674904825856

This variant was requested by paul on IRC
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 10 Aug 2019 21:09:49 +0000 (23:09 +0200)]
avcodec/dds: Use ff_set_dimensions()

Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 10 Aug 2019 21:09:47 +0000 (23:09 +0200)]
avformat/vividas: Fix another infinite loop

Not found by the fuzzer

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 10 Aug 2019 21:09:46 +0000 (23:09 +0200)]
avformat/vividas: Fix infinite loop in header parser

Fixes: Timeout (Infinite -> Finite)
Fixes: 16010/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638616102993920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 10 Aug 2019 21:09:42 +0000 (23:09 +0200)]
avcodec/mpc8: Fix 32bit mask/enum

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5636626409062400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 26 Jul 2019 13:37:30 +0000 (15:37 +0200)]
avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()

This also makes the code consistent with the existing similar MUL64()
in decode_var_block_data()

Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long'
Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 26 Jul 2019 12:33:14 +0000 (14:33 +0200)]
avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()

Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int'
Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 26 Jul 2019 15:07:01 +0000 (17:07 +0200)]
avcodec/alsdec: fix mantisse shift

Fixes: shift exponent -1 is negative
Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 21 Jul 2019 22:03:15 +0000 (00:03 +0200)]
avcodec/pngdec: consider chunk size in minimal size check

Assuming each block contains an empty chunk, there has to be at least 8 bytes extra.

Fixes: 15327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5676669303521280
Fixes: Timeout (11->5sec)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 22 Jun 2019 12:21:43 +0000 (14:21 +0200)]
avcodec/vc1_block: Fix invalid shifts in vc1_decode_i_blocks()

Fixes: left shift of negative value -9
Fixes: 15299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5660922678345728
Fixes: 15557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5673351911047168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 22 Jun 2019 10:35:24 +0000 (12:35 +0200)]
avcodec/vc1_block: fix invalid shift in vc1_decode_p_mb()

Fixes: left shift of negative value -5
Fixes: 15294/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5733921754447872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 9 Jul 2019 22:04:02 +0000 (00:04 +0200)]
avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()

Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Limin Wang [Wed, 17 Jul 2019 22:59:35 +0000 (06:59 +0800)]
lavc/videotoolboxenc: make transfer_fnc initialized for unsupport function

The current function will report one error message, but the caller func
hasn't checked it, so change the default to process as AVCOL_TRC_UNSPECIFIED.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Rick Kern <kernrj@gmail.com>
Limin Wang [Wed, 26 Jun 2019 10:57:59 +0000 (18:57 +0800)]
lavc/videotoolboxenc: add hdr10, linear, hlg color transfer function for videotoolboxenc

Below is the testing ffmpeg command for the setting:
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc smpte2084 smpte2048.ts
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc linear linear.ts
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc arib-std-b67 hlg.ts

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Rick Kern <kernrj@gmail.com>
Thilo Borgmann [Sun, 11 Aug 2019 10:08:15 +0000 (12:08 +0200)]
MAINTAINERS: Add my GnuPG fingerprint.

Carl Eugen Hoyos [Mon, 1 Jul 2019 11:06:02 +0000 (13:06 +0200)]
lavc/r210enc: Fix undefined behaviour encoding r10k.

Fixes the following ubsan error:
libavcodec/r210enc.c:69:28: runtime error: left shift of 522 by 22 places cannot be represented in type 'int'

Fixes ticket #7982.

Carl Eugen Hoyos [Tue, 2 Jul 2019 09:38:14 +0000 (11:38 +0200)]
lavc/vc2enc_dwt: Avoid left-shifting a negative value.

Fixes ticket #7985.

Carl Eugen Hoyos [Tue, 2 Jul 2019 09:42:32 +0000 (11:42 +0200)]
lavc/frame_thread_encoder: Do not memcpy() from NULL.

Fixes ticket #7981.

Carl Eugen Hoyos [Sat, 10 Aug 2019 21:52:59 +0000 (23:52 +0200)]
lavc/libx264: Cast cpb bit_rates to int64_t to avoid an integer overflow.

Fixes remaining part of ticket #8071 on next version bump.

Carl Eugen Hoyos [Sat, 10 Aug 2019 12:43:58 +0000 (14:43 +0200)]
lavf/dump: Fix cpb bitrate type after next major bump.

Carl Eugen Hoyos [Sat, 10 Aug 2019 21:33:10 +0000 (23:33 +0200)]
lavf/dump: Fix vbv_delay type specifier.

Spotted-by: James Almer
Carl Eugen Hoyos [Sat, 10 Aug 2019 15:10:58 +0000 (17:10 +0200)]
lavc/libx264: Cast bit_rate to int64_t to avoid an integer overflow.

Fixes ticket #8071.

Carl Eugen Hoyos [Sat, 10 Aug 2019 12:40:23 +0000 (14:40 +0200)]
lavc/libx264: bit_rates > INT_MAX are not supported.

Olivier Maignial [Wed, 24 Jul 2019 08:20:14 +0000 (10:20 +0200)]
avformat/rtpdec_mpeg4: Fix integer parameters size check in SDP fmtp line

=== PROBLEM ===

I was trying to record h264 + aac streams from an RTSP server to an mp4 file, using this command line:
    ffmpeg -v verbose -y -i "rtsp://<ip>/my_resources" -codec copy -bsf:a aac_adtstoasc test.mp4

FFmpeg then fails to record audio and outputs these logs:
    [rtsp @ 0xcda1f0] The profile-level-id field size is invalid (40)
    [rtsp @ 0xcda1f0] Error parsing AU headers
    ...
    [rtsp @ 0xcda1f0] Could not find codec parameters for stream 1 (Audio: aac, 48000 Hz, 1 channels): unspecified sample format

In SDP provided by my RTSP server I had this fmtp line:
    a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; sizeLength=13; indexLength=3; indexDeltaLength=3;

In FFmpeg code, I found a check introduced by commit 24130234cd9dd733116d17b724ea4c8e12ce097a. It disallows values greater than 32 for fmtp line parameters.
RFC-4566 (SDP: Session Description Protocol) does not give any size limit on integer parameters given in an fmtp line.

However, RFC-6416 (RTP Payload Format for MPEG-4 Audio/Visual Streams) gives examples of "profile-level-id" values for AAC, up to 55.

=== FIX ===

As each parameter may have its own min and max values
I propose to introduce a range for each parameter.
For this patch I used RFC-3640 and ISO/IEC 14496-1 as reference for validity ranges.

This patch fixes my problem and I can now record my RTSP AAC stream to mp4.
It has passed the full fate test suite successfully.

Signed-off-by: Olivier Maignial <olivier.maignial@smile.fr>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
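
The per-parameter range idea from the commit message above, as an added example; it is not the patch and not FFmpeg code. The attribute names and the single cap of 32 come from the message, while the range values in `per_attr` and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { FMTP_OK = 0, FMTP_SKIPPED = 1,
       FMTP_BAD_NUMBER = -1, FMTP_OUT_OF_RANGE = -2, FMTP_MALFORMED = -3 };

struct fmtp_int_attr { const char *name; long min, max; };

/* Behaviour described as the problem: one cap (32) for every integer attribute. */
static const struct fmtp_int_attr single_cap[] = {
    { "streamType", 0, 32 }, { "profile-level-id", 0, 32 },
    { "sizeLength", 0, 32 }, { "indexLength", 0, 32 },
    { "indexDeltaLength", 0, 32 },
};

/* Proposed shape: each attribute has its own range (values are assumptions). */
static const struct fmtp_int_attr per_attr[] = {
    { "streamType", 0, 63 }, { "profile-level-id", 0, 255 },
    { "sizeLength", 0, 32 }, { "indexLength", 0, 32 },
    { "indexDeltaLength", 0, 32 },
};
#define N_ATTRS (sizeof(per_attr) / sizeof(per_attr[0]))

/* fmtp line quoted in the commit message. */
static const char SAMPLE_FMTP[] =
    "a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; "
    "sizeLength=13; indexLength=3; indexDeltaLength=3;";

/* Validate one name/value pair against a range table. */
static int fmtp_check_int(const struct fmtp_int_attr *tab, size_t n,
                          const char *name, const char *value)
{
    for (size_t i = 0; i < n; i++) {
        char *end;
        long v;
        if (strcmp(name, tab[i].name))
            continue;
        errno = 0;
        v = strtol(value, &end, 10);
        if (errno || end == value || *end)   /* overflow, empty, trailing junk */
            return FMTP_BAD_NUMBER;
        if (v < tab[i].min || v > tab[i].max)
            return FMTP_OUT_OF_RANGE;
        return FMTP_OK;
    }
    return FMTP_SKIPPED;                     /* not an integer attribute we know */
}

/* Returns the number of integer attributes accepted, or a negative FMTP_* code;
 * on failure the offending attribute name is copied into bad. */
static int fmtp_validate_line(const char *line, const struct fmtp_int_attr *tab,
                              size_t n, char *bad, size_t bad_sz)
{
    const char *p = strchr(line, ' ');       /* skip "a=fmtp:<payload type>" */
    int accepted = 0;

    if (!p)
        return FMTP_MALFORMED;
    while (*p) {
        char name[64], value[128];
        const char *eq, *v;
        size_t tok, nlen, vlen;
        int rc;

        p += strspn(p, " ;");
        if (!*p)
            break;
        tok = strcspn(p, ";");
        eq = memchr(p, '=', tok);
        if (!eq)
            return FMTP_MALFORMED;
        nlen = (size_t)(eq - p);
        vlen = tok - nlen - 1;
        v = eq + 1;
        while (nlen && p[nlen - 1] == ' ') nlen--;      /* trim name */
        while (vlen && *v == ' ') { v++; vlen--; }      /* trim value */
        while (vlen && v[vlen - 1] == ' ') vlen--;
        if (nlen >= sizeof(name) || vlen >= sizeof(value))
            return FMTP_MALFORMED;                      /* never truncate silently */
        memcpy(name, p, nlen);  name[nlen] = '\0';
        memcpy(value, v, vlen); value[vlen] = '\0';

        rc = fmtp_check_int(tab, n, name, value);
        if (rc < 0) {
            if (bad && bad_sz)
                snprintf(bad, bad_sz, "%s", name);
            return rc;
        }
        if (rc == FMTP_OK)
            accepted++;
        p += tok;
    }
    return accepted;
}

int main(void)
{
    char bad[64] = "";
    int rc = fmtp_validate_line(SAMPLE_FMTP, single_cap, N_ATTRS, bad, sizeof(bad));
    printf("single cap:    rc=%d bad=%s\n", rc, bad);
    rc = fmtp_validate_line(SAMPLE_FMTP, per_attr, N_ATTRS, bad, sizeof(bad));
    printf("per-attribute: rc=%d\n", rc);
    return 0;
}
```
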
Andriy Gelman [Thu, 8 Aug 2019 14:37:10 +0000 (10:37 -0400)]
tools/zmqsend: Avoid mem copy past the end of input buffer

This patch avoids a read past the end of the input buffer in memcpy since the size
of the received zmq message is recv_buf_size - 1.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 7 Aug 2019 19:18:12 +0000 (21:18 +0200)]
doc/fate: Document how to request samples upload access

The answer which most people will seek is put first

Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jun Zhao [Sun, 21 Jul 2019 04:36:21 +0000 (12:36 +0800)]
doc/ffmpeg: Document dts_error_threshold option

Document dts_error_threshold option.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Jun Zhao [Mon, 5 Aug 2019 04:53:55 +0000 (12:53 +0800)]
examples/encode_video: only add sequence end code for mpeg1/2 video

Only add sequence end code for mpeg1/mpeg2 video; otherwise, when using the encoder
libx264 or libx265 in this sample, decoding the output file will give an
unknown NALU type error.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Jun Zhao [Mon, 5 Aug 2019 06:33:41 +0000 (14:33 +0800)]
lavf/showinfo: use error level when get invalid sidedata

Use error level when getting invalid sidedata, and remove an unnecessary
newline in the error message.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Jun Zhao [Sun, 4 Aug 2019 09:35:29 +0000 (17:35 +0800)]
lavf/showinfo: support mastering display sidedata

Support mastering display sidedata.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Jun Zhao [Wed, 7 Aug 2019 16:12:16 +0000 (00:12 +0800)]
lavf/hls: add http_seekable option for HTTP partial requests

Add http_seekable option for HTTP partial requests. When the
EXT-X-BYTERANGE tag indicates that a Media Segment is a sub-range
of the resource identified by its URI, we can use HTTP partial
requests to get the Media Segment.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Linjie Fu [Wed, 10 Jul 2019 17:57:46 +0000 (01:57 +0800)]
lavf/vf_vpp_qsv: add support for QSV transpose filter

Add transpose support for qsv_vpp with rotate and hflip:
    - rotate: [0, 3] support clockwise rotation of 0, 90, 180, 270;
    - hflip:  [0, 1] support horizontal flip;

Configure with:
{"cclock_hflip","clock","cclock","clock_hflip","reversal","hflip","vflip"}

CMD:
ffmpeg -hwaccel qsv -c:v h264_qsv -i input.h264
    -vf 'format=qsv,vpp_qsv=transpose=clock' -c:v h264_qsv output.h264

ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv -i input.h264
    -vf 'hwupload=extra_hw_frames=64,format=qsv,vpp_qsv=transpose=cclock_hflip'
                            -f rawvideo -pix_fmt nv12 ./transpose.yuv

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Zhong Li <zhong.li@intel.com>
Ruiling Song [Thu, 27 Jun 2019 02:07:21 +0000 (10:07 +0800)]
avfilter/vf_convolution: add x86 SIMD for filter_3x3()

Tested using a simple command (apply edge enhance):
./ffmpeg_g -i ~/Downloads/bbb_sunflower_1080p_30fps_normal.mp4 \
 -vf convolution="0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:5:1:1:1:0:128:128:128" \
 -an -vframes 1000 -f null /dev/null

The fps increases from 151 to 270 on my local machine.

Signed-off-by: Ruiling Song <ruiling.song@intel.com>
Michael Niedermayer [Tue, 6 Aug 2019 08:35:38 +0000 (10:35 +0200)]
Revert "avformat/rtpdec_rfc4175: Fix incorrect copy_offset calculation"

Reverted at the request of the Author due to potential regression with SMPTE 2110-20

This reverts commit 9051092e73666e95986eb2d596cc0867aea05c3d.

Ricardo Constantino [Mon, 5 Aug 2019 19:47:03 +0000 (20:47 +0100)]
configure: cuda_llvm: fix include path for MSYS2

MSYS2 converts paths to MinGW-based applications from unix to
pseudo-windows paths at execution time.
Since there was no space between '-include' and the path, MSYS2 doesn't
detect the path properly.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Michael Niedermayer [Fri, 26 Jul 2019 13:26:08 +0000 (15:26 +0200)]
avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()

Fixes: left shift of negative value -1
Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 25 Jul 2019 22:35:32 +0000 (00:35 +0200)]
avcodec/vqavideo: Set video size

Fixes: out of array access
Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 15 Jul 2019 21:26:05 +0000 (23:26 +0200)]
avcodec/sanm: Check extradata_size before allocations

Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jacob Siddall [Thu, 27 Jun 2019 06:06:22 +0000 (06:06 +0000)]
avformat/rtpdec_rfc4175: Fix incorrect copy_offset calculation

The previous calculation code did not account for the fact that the
copy_offset for the start of the frame array is at index 0, yet the
scan line number from the rfc4175 RTP header starts at 1.
This caused 2 issues to appear:
- The first scan line was being copied into the array where the second
  scan line should be. This caused the resulting video to have a green
  line at the top of it.
- Since the packet containing the last scan line would fail the
  calculation, the packet with the RTP marker would not be processed
  which caused a log message saying "Missed previous RTP marker" to be
  outputted for each frame.

Signed-off-by: Jacob Siddall <kobe@live.com.au>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andreas Rheinhardt [Fri, 2 Aug 2019 20:29:16 +0000 (22:29 +0200)]
libavcodec/iff: Use unsigned to avoid undefined behaviour

The initialization of the uint32_t plane32_lut matrix uses left shifts
of the form 1 << plane; plane can be as big as 31 which means that this
is undefined behaviour as 1 will be simply an int. So make it unsigned
to avoid this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 2 Aug 2019 22:29:48 +0000 (00:29 +0200)]
avcodec/mss1: check for overread and forward errors

Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 2 Aug 2019 20:14:22 +0000 (22:14 +0200)]
avcodec/loco: Check for end of input in pixel decode

Fixes: Timeout (100sec -> 5sec)
Fixes: 15509/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5724297261219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 11 Jul 2019 21:23:07 +0000 (23:23 +0200)]
avcodec/dirac_parser: Fix overflow in dts

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 15:25:55 +0000 (17:25 +0200)]
avcodec/ralf: Fix undefined pointer in decode_channel()

Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 15:20:45 +0000 (17:20 +0200)]
avcodec/ralf: Fix integer overflow in apply_lpc()

Fixes: signed integer overflow: 1603085316 + 1238786562 cannot be represented in type 'int'
Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 15:10:18 +0000 (17:10 +0200)]
avcodec/vorbisdec: Implement vr->classifications = 1

It appears no valid file uses this, so this is not testable with
a valid file.

Fixes: assertion failure
Fixes: 16187/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5638880618872832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 10:28:55 +0000 (12:28 +0200)]
avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide

Fixes: division by zero
Fixes: 16183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5688966782648320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 10:21:51 +0000 (12:21 +0200)]
avformat/realtextdec: Check for duplicate extradata in realtext_read_header()

Fixes: memleak
Fixes: 16140/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5684008052064256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 10:13:21 +0000 (12:13 +0200)]
avformat/vividas: Fix memleak of AVIOContext in track_header()

Fixes: memleak
Fixes: 16127/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5649290914955264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 10:03:35 +0000 (12:03 +0200)]
avcodec/cfhd: Check destination space for bayer before writing

Fixes: out of array write
Fixes: 16105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5690817309573120
Fixes: 16119/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5099050675732480
Fixes: 16135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5705501601431552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 10:02:33 +0000 (12:02 +0200)]
avcodec/cfhd: Fix linesize type

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 07:51:26 +0000 (09:51 +0200)]
avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use

Fixes: index -1 out of bounds for type 'AV1ReferenceFrameState [8]'
Fixes: 16079/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758807440883712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
See: [FFmpeg-devel] [PATCH 05/13] avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 07:46:34 +0000 (09:46 +0200)]
avcodec/apedec: Fix 2 signed overflows

Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 07:33:45 +0000 (09:33 +0200)]
avcodec/mss3: Check for the rac stream being invalid in rac_normalize()

Fixes: out of array read
Fixes: 15982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSA1_fuzzer-5630676251967488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 06:32:58 +0000 (08:32 +0200)]
avcodec/vc1_block: Check get_vlc2() return before use

Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5666071933091840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Aug 2019 06:26:40 +0000 (08:26 +0200)]
avcodec/apedec: Do not partially clear data array

Fixes: Assertion failure and memleak
Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 3 Aug 2019 22:45:20 +0000 (00:45 +0200)]
avcodec/atrac9dec: Check grad_range[1] more tightly

Alternatively the array could be made bigger but the extra values
would not be read without other changes.

Fixes: Out of array access
Fixes: 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 3 Aug 2019 22:37:52 +0000 (00:37 +0200)]
avcodec/atrac9dec: Remove impossible condition

Suggested-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 3 Aug 2019 22:09:32 +0000 (00:09 +0200)]
avcodec/bink: Add many end of input checks

Fixes: Timeout (83sec -> 15sec)
Fixes: 15595/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5689153263501312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andreas Rheinhardt [Mon, 5 Aug 2019 01:09:41 +0000 (03:09 +0200)]
compat/cuda: Change inclusion guards

cuda_runtime.h as well as dynlink_loader.h used nonstandard inclusion
guards with an AV_ prefix, although these files are not in a libav*/
path. So change the inclusion guards and adapt the ref file of the
source fate test accordingly.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Rodger Combs [Tue, 30 Jul 2019 07:51:42 +0000 (02:51 -0500)]
build: add support for building CUDA files with clang

This avoids using the CUDA SDK at all; instead, we provide a minimal
reimplementation of the basic functionality that lavfi actually uses.
It generates very similar code to what NVCC produces.

The header contains no implementation code derived from the SDK.
The function and type declarations are derived from the SDK only to the
extent required to build a compatible implementation. This is generally
accepted to qualify as fair use.

Because this option does not require the proprietary SDK, it does not require
the "--enable-nonfree" flag in configure.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Stefan Schoenefeld [Fri, 2 Aug 2019 09:18:10 +0000 (09:18 +0000)]
avcodec/h263dec: enable nvdec hwaccel

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Stefan Schoenefeld [Fri, 2 Aug 2019 09:18:10 +0000 (09:18 +0000)]
avcodec/h263dec: fix hwaccel decoding

Recently we encountered an issue when decoding a h.263 file:

FFmpeg will freeze when decoding h.263 video with NVDEC. Turns out this is not directly related to NVDEC but is a problem that shows with several other HW decoders like VDPAU, though the exact kind of error is different (either error messages or freezing[1]). The root cause is that ff_thread_finish_setup() is called twice per frame from ff_h263_decode_frame(). This is not supported by ff_thread_finish_setup() and specifically checked for and warned against in the function's code. The issue is also specific to hw accelerated decoding only as the second call to ff_thread_finish_setup() is only issued when hw acceleration is on. The fix is simple: add a check that the first call is only sent when hw acceleration is off, and the second call only when hw acceleration is on (see attached patch). This works fine as far as I was able to test with vdpau and nvdec/nvcuvid hw decoding. The patch also adds NVDEC to the hw config list if available.

I also noticed a secondary issue when browsing through the code which is that, according to documentation, ff_thread_finish_setup() should only be called if the codec implements update_thread_context(), which h263dec does not. The patch does not address this and I'm not sure any action needs to be taken here at all.

[1] This is depending on whether or not the hw decoder sets the HWACCEL_CAPS_ASYNC_SAFE flag

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2 months ago avcodec/hnm4video: Forward errors of decode_interframe_v4()
Michael Niedermayer [Fri, 2 Aug 2019 21:54:49 +0000 (23:54 +0200)]
avcodec/hnm4video: Forward errors of decode_interframe_v4()

Fixes: Timeout (108sec -> 160ms)
Fixes: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/interplayvideo: Avoid ff_get_buffer() during init
Michael Niedermayer [Thu, 11 Jul 2019 20:29:10 +0000 (22:29 +0200)]
avcodec/interplayvideo: Avoid ff_get_buffer() during init

This is unneeded for interplay video

Fixes: memleak
Fixes: 15562/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer-5162268645392384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vividas: Check that value from ffio_read_varlen() does not overflow
Michael Niedermayer [Sat, 20 Jul 2019 20:41:08 +0000 (22:41 +0200)]
avformat/vividas: Check that value from ffio_read_varlen() does not overflow

Fixes: signed integer overflow: -1241665686 + -1340629419 cannot be represented in type 'int'
Fixes: 15922/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5692826442006528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vividas: forward errors from track_header()
Michael Niedermayer [Sat, 20 Jul 2019 20:36:10 +0000 (22:36 +0200)]
avformat/vividas: forward errors from track_header()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/clearvideo: fix invalid shift in tile size check
Michael Niedermayer [Sat, 13 Jul 2019 18:16:19 +0000 (20:16 +0200)]
avcodec/clearvideo: fix invalid shift in tile size check

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5690110605000704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vividas: Check buffer size before allocation
Michael Niedermayer [Sat, 13 Jul 2019 17:57:21 +0000 (19:57 +0200)]
avformat/vividas: Check buffer size before allocation

Fixes: out of array access
Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vividas: Check if extradata was read successfully
Michael Niedermayer [Sat, 13 Jul 2019 18:08:03 +0000 (20:08 +0200)]
avformat/vividas: Check if extradata was read successfully

Fixes: OOM
Fixes: 15575/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5654666781655040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/dashenc: fix writing the AV1 codec string in mp4 mode
James Almer [Tue, 30 Jul 2019 16:21:46 +0000 (13:21 -0300)]
avformat/dashenc: fix writing the AV1 codec string in mp4 mode

From https://aomediacodec.github.io/av1-isobmff/#codecsparam, the parameters
sample entry 4CC, profile, level, tier, and bitDepth are all mandatory fields.
All the other fields are optional, mutually inclusive (all or none).

Fixes ticket #8049

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/dashenc: update stream extradata from packet side data
James Almer [Tue, 30 Jul 2019 18:08:36 +0000 (15:08 -0300)]
avformat/dashenc: update stream extradata from packet side data

codecpar->extradata is not going to change between packets. New extradata
is instead propagated using packet side data.

Use ff_alloc_extradata() as well.

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value
James Almer [Tue, 30 Jul 2019 14:55:26 +0000 (11:55 -0300)]
avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/av1: rename some AV1SequenceParameters fields
James Almer [Tue, 30 Jul 2019 14:48:38 +0000 (11:48 -0300)]
avformat/av1: rename some AV1SequenceParameters fields

Cosmetic change.

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/av1: split off sequence header parsing from the av1C writing function
James Almer [Tue, 30 Jul 2019 15:08:44 +0000 (12:08 -0300)]
avformat/av1: split off sequence header parsing from the av1C writing function

It will be used by the dash muxer

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/av1: add color config values to AV1SequenceParameters
James Almer [Tue, 30 Jul 2019 14:43:02 +0000 (11:43 -0300)]
avformat/av1: add color config values to AV1SequenceParameters

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avcodec/vp8: do vp7_fade_frame() later
Michael Niedermayer [Thu, 1 Aug 2019 11:54:21 +0000 (13:54 +0200)]
avcodec/vp8: do vp7_fade_frame() later

Fixes: Timeout (100sec -> 5sec)
Fixes: 15073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5649257362620416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vp3: Check for end of input in vp4_unpack_vlcs()
Michael Niedermayer [Fri, 2 Aug 2019 19:23:18 +0000 (21:23 +0200)]
avcodec/vp3: Check for end of input in vp4_unpack_vlcs()

Fixes: Timeout (too long -> 1sec)
Fixes: 15232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5769583086010368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vp3: Check that theora is theora
Michael Niedermayer [Sun, 21 Jul 2019 22:41:06 +0000 (00:41 +0200)]
avcodec/vp3: Check that theora is theora

Theora is forced to be non zero if it is zero and a sample
is asked for, as suggested by reimar

Fixes: Timeout (2min -> 600ms)
Fixes: 15366/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5737849938247680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avutil/mips: Avoid instruction exception caused by gssqc1/gslqc1.
Shiyou Yin [Wed, 31 Jul 2019 01:30:01 +0000 (09:30 +0800)]
avutil/mips: Avoid instruction exception caused by gssqc1/gslqc1.

Ensure the addresses accessed by gssqc1/gslqc1 are 16-byte aligned.

2 months ago avcodec/msrle: remove unused items
Paul B Mahol [Thu, 1 Aug 2019 14:02:18 +0000 (16:02 +0200)]
avcodec/msrle: remove unused items

2 months ago lavu/tx: add support for double precision FFT and MDCT
Lynne [Sat, 27 Jul 2019 17:54:20 +0000 (18:54 +0100)]
lavu/tx: add support for double precision FFT and MDCT

Simply moves and templates the actual transforms to support an
additional data type.
Unlike the float version, which is equal or better than libfftw3f,
double precision output is bit identical with libfftw3.

2 months ago lavfi/zmq: Avoid mem copy past the end of input buffer
Andriy Gelman [Tue, 30 Jul 2019 21:16:08 +0000 (17:16 -0400)]
lavfi/zmq: Avoid mem copy past the end of input buffer

2 months ago FATE: add hls single file mode test case
Steven Liu [Tue, 30 Jul 2019 09:05:36 +0000 (17:05 +0800)]
FATE: add hls single file mode test case

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2 months ago tools/target_dec_fuzzer: fix memleak of extradata
Michael Niedermayer [Wed, 10 Jul 2019 20:32:49 +0000 (22:32 +0200)]
tools/target_dec_fuzzer: fix memleak of extradata

Fixes: memleak
Fixes: 15535/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5692162424963072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vc1_pred: Fix invalid shift in scaleforsame()
Michael Niedermayer [Wed, 10 Jul 2019 21:27:19 +0000 (23:27 +0200)]
avcodec/vc1_pred: Fix invalid shift in scaleforsame()

Fixes: left shift of negative value -1
Fixes: 15531/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5759556258365440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()
Michael Niedermayer [Thu, 4 Jul 2019 21:13:13 +0000 (23:13 +0200)]
avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()

Fixes: signed integer overflow: 32796 * 65536 cannot be represented in type 'int'
Fixes: 15430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5735424087031808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()
Michael Niedermayer [Mon, 8 Jul 2019 21:00:09 +0000 (23:00 +0200)]
avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()

Fixes: 15524/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5173148372172800
Fixes: signed integer overflow: 13701388 - -2134868270 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: Make coeffsA/B uint32_t, this avoids several cases of undefined behavior
Michael Niedermayer [Tue, 2 Jul 2019 10:30:32 +0000 (12:30 +0200)]
avcodec/apedec: Make coeffsA/B uint32_t, this avoids several cases of undefined behavior

Changing the type to an unsigned one to avoid many casts was suggested.
This may be inadequate for fixing the UB on ILP64

Fixes: signed integer overflow: -1418162611 * 383 cannot be represented in type 'int'
Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: make left/right unsigned to avoid undefined behavior
Michael Niedermayer [Tue, 2 Jul 2019 10:13:19 +0000 (12:13 +0200)]
avcodec/apedec: make left/right unsigned to avoid undefined behavior

Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int'
Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800()
Michael Niedermayer [Sun, 16 Jun 2019 09:39:15 +0000 (11:39 +0200)]
avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800()

Fixes: left shift of negative value -4
Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int'
Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int'
Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688
Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int'
Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/mpc: deallocate frames array on errors
Michael Niedermayer [Wed, 24 Jul 2019 21:11:50 +0000 (23:11 +0200)]
avformat/mpc: deallocate frames array on errors

Fixes: memleak on error path
Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago lavfi/vf_thumbnail_cuda: fix operator precedence bug
Rodger Combs [Tue, 30 Jul 2019 07:51:43 +0000 (02:51 -0500)]
lavfi/vf_thumbnail_cuda: fix operator precedence bug

Discovered via a warning when building with clang

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2 months ago lavd/v4l2: produce a 0 byte packet when a dequeued buffer's size is unexpected
Stephan Hilb [Wed, 5 Jun 2019 20:04:38 +0000 (22:04 +0200)]
lavd/v4l2: produce a 0 byte packet when a dequeued buffer's size is unexpected

Behave like we do for V4L2_BUF_FLAG_ERROR, implemented in commit 28f20d2ff4.

For some devices (probably also related to the V4L driver implementation)
it happens that when invoking the ioctl DQBUF, the returned buffer is not
of the expected size. Here are two examples for such occurrences:

    [video4linux2,v4l2 @ 0x258b440] Dequeued v4l2 buffer contains 609596 bytes, but 614400 were expected. Flags: 0x00000001.
    /dev/video1: Invalid data found when processing input

    [video4linux2,v4l2 @ 0x225f440] Dequeued v4l2 buffer contains 609508 bytes, but 614400 were expected. Flags: 0x00000001.
    /dev/video1: Invalid data found when processing input

For the ffmpeg CLI tool this means it will stop capturing and exit.

The described behaviour was observed at least with one OmniVision USB
web cam and with some stk1160 devices.

If you search the web for the error message, you will find quite a few
instances of this problem. Some of them experienced on other devices.

Probably fixes ticket #4795

Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
2 months ago lavu/hwcontext_qsv: fix the memory leak
Linjie Fu [Fri, 26 Jul 2019 08:00:24 +0000 (16:00 +0800)]
lavu/hwcontext_qsv: fix the memory leak

av_dict_free child_device_opts to fix the memory leak.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Zhong Li <zhong.li@intel.com>
2 months ago avformat/av1: fix AV1CodecConfigurationBox name in doxy
James Almer [Tue, 30 Jul 2019 03:33:47 +0000 (00:33 -0300)]
avformat/av1: fix AV1CodecConfigurationBox name in doxy

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago cbs_mpeg2: Fix parsing the last unit
Andreas Rheinhardt [Mon, 29 Jul 2019 19:56:56 +0000 (21:56 +0200)]
cbs_mpeg2: Fix parsing the last unit

There is one way to find out if avpriv_find_start_code has found a start
code or not: One has to check whether the state variable contains a
start code, i.e. whether the three most significant bytes are 0x00 00 01.
Checking for whether the return value is the end of the designated
buffer is not enough: If the last four bytes constitute a start code,
the return value is also the end of the buffer. This happens with
sequence_end_codes which have been ignored for exactly this reason,
although e.g. all three files used for fate tests of cbs_mpeg2 contain
sequence_end_codes.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2 months ago cbs_mpeg2: Rearrange start code search
Andreas Rheinhardt [Mon, 29 Jul 2019 19:56:55 +0000 (21:56 +0200)]
cbs_mpeg2: Rearrange start code search

1. Currently, cbs_mpeg2_split_fragment uses essentially three variables
to hold the start code values found by avpriv_find_start_code. By
rearranging the code, one of them can be omitted.
2. The return value of avpriv_find_start_code points to the byte after
the byte containing the start code identifier (or to the byte after the
last byte of the fragment's data if no start code was found), but
cbs_mpeg2_split_fragment needs to work with the pointer to the byte
containing the start code identifier; it already did this, but in a
clumsy way. This has been changed.
3. Also use the correct type for the variable holding the
CodedBitstreamUnitType.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
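
The end-of-buffer ambiguity described in the two cbs_mpeg2 commit messages above, as an added example that is not FFmpeg code. find_start_code() is a simplified stand-in for avpriv_find_start_code() that follows the contract the messages describe; split_units() and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in (assumption, not FFmpeg code) with the contract the
 * commit messages describe: every byte is shifted into *state; the return
 * value is the byte after the start code identifier, or `end` if none. */
static const uint8_t *find_start_code(const uint8_t *p, const uint8_t *end,
                                      uint32_t *state)
{
    while (p < end) {
        *state = (*state << 8) | *p++;
        if ((*state >> 8) == 0x000001)
            return p;
    }
    return end;
}

/* Constructed sample: sequence header, picture, then a sequence_end_code
 * (00 00 01 B7) occupying the last four bytes of the buffer. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x01, 0xB3, 0x12, 0x34,
    0x00, 0x00, 0x01, 0x00, 0x56, 0x78,
    0x00, 0x00, 0x01, 0xB7,
};

/* Counts start codes. check_state == 0 treats "returned end" as "nothing
 * found"; check_state == 1 inspects the three most significant bytes of
 * state instead. *last_id receives the last accepted identifier byte. */
static int split_units(const uint8_t *buf, size_t size, int check_state,
                       uint8_t *last_id)
{
    const uint8_t *end = buf + size, *p = buf;
    uint32_t state = UINT32_MAX;
    int units = 0;
    while (p < end) {
        p = find_start_code(p, end, &state);
        int found = check_state ? (state >> 8) == 0x000001 : p != end;
        if (!found)
            break;
        *last_id = p[-1]; /* identifier byte sits just before the return value */
        units++;
    }
    return units;
}

int main(void)
{
    uint8_t id = 0;
    int by_ptr = split_units(sample, sizeof sample, 0, &id);
    int by_state = split_units(sample, sizeof sample, 1, &id);
    printf("pointer check: %d, state check: %d (last id 0x%02X)\n", by_ptr, by_state, (unsigned)id);
    return 0;
}
```

With the pointer comparison the trailing sequence_end_code is dropped; with the state check it is kept, and both checks agree when the buffer does not end in a start code.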